Privacy

Privacy Policy

This Privacy Policy has been compiled to allow a clear understanding of how Stelace (“We”) collects, uses, protects or otherwise handle your Personally Identifiable Information such as your name, contact information or IP address. It is a legal document so some of the language is necessarily “legalese”, but We have tried to make it as readable as possible explaining it with simple words first and then with legal ones. Reminder: Stelace is a French Company subject to French law. Mention of other regulations and other laws are made only for the purpose of showing the efforts made by Stelace to respect all of its users and customers and does not mean that Stelace is under a jurisdiction other than French.

What personal information do We collect from the people that visit our website (You)?

When You land on Stelace website, We collect your IP, We identify your country, your preferred language and the device You are using. We use google analytics to determine where you came from (ie: google, our blog, github, etc.) When registering or subscribing on Stelace, as appropriate, You may be asked to enter your first name, last name, email address, payment information or other details to handle your subscription.

When do We collect information?

We collect information from You when you land on our website, fill out a contact form, subscribe a plan, or enter any other information on our site such as feedback.

How do We use your information?

We may use the information We collect in the following ways: • To personalize your experience and to allow us to deliver the type of content and product offerings in which You are most interested. • To improve our website in order to better serve You. • To allow us to better service You in responding to your customer service requests. • To quickly process your transactions. • To send periodic emails regarding your subscripiton or our Services. • To follow up after correspondence (live chat, email or phone inquiries)

How do We protect your information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information You supply, including sensitive/payment information, is encrypted via Secure Socket Layer technology over the network (SSL/TLS). We do not use vulnerability scanning and/or scanning to PCI standards as an external PCI compliant payment gateway handles all financial data. All financial transactions are processed through a gateway provider and are not stored or processed on our servers.

Do We use “cookies”?

Yes. Cookies are small files that a site or its service provider transfers to your computer through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and remember certain information. For instance, We use cookies to help us remember your preferred language. Cookies are also used to help us understand your preferences based on previous or current site activity, which enables us to provide You with improved Services. We also use cookies to help us compile aggregate Data about site traffic and site interaction so that We can improve our website and offers in the future. We use cookies to: • Understand and save your preferences for future visits. • Validate your access rights to your Data and subscription details. • Compile aggregate Data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted Third-Party services that track this information on our behalf. You can choose to have your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies. You do this through your browser settings. Look at your browser’s Help Menu to learn the correct way to modify your cookies. If You turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless We provide You with advance notice. This does not include website hosting partners and other parties who assist us in operating our website to comply with the terms of your contract, so long as those parties agree to keep this information secured with appropriate measures regarding our own efforts. We may release information to comply with the law, enforce our policies, protect ours or others’ rights, property or safety. You’ll be noticed in a timely manner of any such access as long as We are allowed to do so by relevant authorities. We do not include or offer third-party products or services on our website. We, along with third-party such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website. Please refer to the Third Party services We use. Opting out: You can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act

Users can visit our site anonymously. Once this Privacy Policy is created, We will add a link to it on our home page. Our Privacy Policy link includes the word “Privacy” and can easily be found on the page specified above. You will be notified of any Privacy Policy changes: • On our Privacy Policy Page You can change your personal information: • In your Stelace Account or By emailing us

How does our site handle Do Not Track signals?

We honor Do Not Track signals and do not plant tracking cookies or use advertising when a Do Not Track (DNT) browser mechanism is in place. However, some cookies are necessary to fulfill your requests as authentication or subscription management. We do not allow third-party behavioral tracking.

COPPA (Children Online Privacy Protection Act)

We do not specifically market to children under the age of 13 years old and do not allow third-parties, including ad networks or plug-ins collect PII from children under 13.

Fair Information Practices, GDPR

In order to be in line with Fair Information Practices We will take the following responsive action, should a data breach occur: We will notify you by email without undue delay after becoming aware of any Personal Data Breach. We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors. Please refer to Stelace Data Processing Agreement when before using our services.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect your email address in order to: • Send information, respond to inquiries, and/or other requests or questions • Process subscriptions and send related information and updates • Send you additional information related to your subscribed plan • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred. To be in accordance with CANSPAM, We agree to the following: • Not use false or misleading subjects or email addresses. • Identify the message as an advertisement in some reasonable way when applicable. • Include the physical address of our business or site headquarters. • Monitor third-party email marketing services for compliance, if one is used. • Honor opt-out/unsubscribe requests quickly. • Allow users to unsubscribe by using the link at the bottom of each non-transactional email.

Contacting Us

If there are any questions regarding this Privacy Policy and Data Processing Agreement, you may contact us using the information below. privacynull@stelace.com or Sharinplace 12 rue Dumas, BAL 68 93800 Epinay-sur-Seine France Last Edited on 2018-05-14

Data Processing Agreement

This Data Processing Agreement (“DPA”) reflects the agreement between the Parties (“You” and “Stelace”) with the terms governing the processing of Personal Data under the Stelace General Terms and Conditions of Use. This Data Processing Agreement is an amendment to the General Terms and Conditions of Use and is effective upon its publication. This DPA forms an integral and inseparable part of the Agreement of Stelace General Terms and Conditions of Use, also refered to as “Agreement”. This DPA shall become effective when electronically agreed to by the Customer (You). In all cases Stelace (“Processor”), or a third party acting on behalf of Processor, acts as the processor of Personal Data and you (“Controller”) remain controller of Personal Data. The term of this DPA shall follow the term of the General Terms and Conditions of Use. Terms not otherwise defined herein shall have the meaning as set forth in the General Terms and Conditions of Use.

A. Definitions

Unless otherwise defined in this DPA terms shall be understood as mentioned by Art. 4 GDPR. “GDPR” means the General Data Protection Regulation (EU) 2016/679. “Data Protection Regulation” means all applicable laws relating to data protection, including without limitation the laws implementing EU Directive 95/46/EC and EU Directive 2002/58/EC and the GDPR (when applicable) and any amendments to or replacements for such laws and regulations. “Personal Data” means any individual element of information concerning the personal or material circumstances of an identified or identifiable individual. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. “Processing” means processing of Personal Data on behalf, encompassing the storage, amendment, transfer, blocking or erasure of personal data by the processor acting on behalf of the Controller.

B. Scope and Responsibility

The Customer, hereafter refered to as “Controller”, certifies that the person agreeing has the legal authority to agree to and enter into this DPA. Processor shall process Personal Data on behalf of Controller. Processing shall include actions specified in the General Terms and Conditions of Use in order to provide the Services to the Customer. Within the scope of the General Terms and Conditions of Use, Controller shall be solely responsible for complying with the statutory requirements relating to data protection, in particular regarding the transfer of Personal Data to the Processor and the Processing of Personal Data. Based on this responsibility, Controller shall be entitled to demand the rectification, deletion, blocking and making available of Personal Data during and after the term of the General Terms and Conditions of Use in accordance with the further specifications of such Agreement on return and deletion of personal data. The regulations of this DPA shall equally apply if testing or maintenance of automatic processes or of processing equipment is performed on behalf of Controller, and access to Personal Data in such context cannot be excluded. Processing of Personal Data under this DPA is for the purpose of providing the Service to the Customer. Processing of Personal Data in this context refers mainly to maintenance, storage, technical support and other equivalent processing activities. The categories of Data Subjects processed for the purposes of the Service include Customer's representatives and end-users. Type of Personal Data processed contains information, including Personal Data, uploaded to the Service by the Customer or its end-users, for example contact details and purchase data. Personal Data may be processed as long as the Service is provided under the Agreement and after that if required by applicable law or contractual obligations or rights of either Party.

C. Stelace obligations as Processor

Stelace shall collect, process and use Personal Data only within the scope of the Service defined in General Terms and Conditions of Use and in compliance with Data Protection Regulation. Within Processor’s area of responsibility, Stelace shall structure Processor’s internal corporate organisation to ensure compliance with the specific requirements of the protection of Personal Data. Stelace shall take the appropriate technical and organisational measures to adequately protect Controller’s Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure for the purposes of the Service. In the event of a Personal Data Breach, Stelace shall notify the Customer without undue delay after becoming aware of the Personal Data Breach and take reasonable steps to mitigate any damage resulting from such breach. The notification shall contain information Stelace is reasonably able to disclose to the Customer, including following information: a description of the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of data records concerned; the name and contact details of contact point where more information can be obtained; a description of likely consequences of the Personal Data Breach; a description of the measures taken or proposed to be taken to address the Personal Data Breach. The information may be provided in phases if it is not possible to provide the information at the same time. Stelace shall ensure that its staff with access to Personal Data has committed to appropriate confidentiality. Stelace shall, at the Customer's written request, provide reasonable assistance to the Customer by providing such readily available information, or creating such information, as the Customer may reasonably require and which the Customer does not have, in complying with the requests of the Data Subject or supervisory authority or any other law enforcement or regulatory authority. Stelace shall provide reasonable assistance to the Customer in ensuring compliance with its obligations set out in Data Protection Regulation. Stelace is entitled to charge the Customer for costs and expenses that were incurred as a result of such assistance. Stelace shall inform the Customer, as soon as reasonably practicable, if it receives a request from a Data Subject seeking to exercise his or her rights under the Data Protection Regulation. Stelace shall maintain records of processing activities under its responsibility to ensure Stelace's own compliance as a Data Processor, to the extent necessary to demonstrate compliance with Stelace’s obligations set out in this DPA and in the Data Protection Regulation. Stelace shall appoint a Data Protection Official, if this is legally required and, upon request of Controller, Stelace shall notify to Controller the contact details of the data protection official. Stelace shall inform Controller in case of a serious interruption of operations or violations by Stelace or persons employed by it of provisions to protect Personal Data or of terms specified in this DPA. In such an event, Stelace shall implement the measures necessary to secure the Personal Data and to mitigate potential adverse effects on the Data Subjects and shall agree upon the same with Controller without undue delay.

D. Your Obligations as Controller

Controller shall, upon termination or expiration of the General Terms and Conditions of Use and by way of issuing an Instruction, stipulate, within a period of time set by Processor, the reasonable measures to return data carrier media or to delete stored data. Any additional cost arising in connection with the return or deletion of Personal Data after the termination or expiration of the General Terms and Conditions of Use shall be borne by Controller. E. Transfer of Personal Data Where Controller, based upon applicable data protection law, is obliged to provide information to an individual about the collection, processing or use or its Personal Data, Stelace shall assist Controller in making this information available, provided that: (i) Controller has instructed Processor in writing to do so, and (ii) Controller reimburses Stelace for the costs arising from this assistance. Where a Data Subject requests the Processor to correct, delete or block Personal Data, Stelace shall refer such Data Subject to the Controller. Personal Data may be processed outside of the European Economic Area by Stelace or its subcontractors.

F. Third Parties

Stelace is entitled to use Third Parties and subcontractors for the purposes of providing the Service under the Agreement. Stelace provides a list of all used Third Parties at its Web Site (see the list Here). The Customer hereby consents to Stelace's use of Third Parties as described in this section and mentioned in the General Terms and Conditions of Use. Stelace shall update list at least 14 days before it authorizes new Third Parties. If the Customer objects, the Customer shall have the right to terminate the Agreement by written notice before the effective date of the change. Stelace shall use its commercially reasonable efforts to reasonably ensure that its Third Parties are subject to equivalent requirements regarding confidentiality and data protection, as set out in this DPA. Stelace remains responsible for its Third Parties and their compliance with the obligations of this DPA.

G. Audit

At the Customer's written request, Stelace shall provide the Customer with an audit report, which is not older than 12 months so that the Customer can reasonably verify Stelace's compliance with its obligations under this DPA. The report shall at all times be deemed as Stelace's confidential information.

H. Terms and termination

The DPA shall continue in force until the termination of the Agreement. Upon termination of the Agreement or upon the Customer’s written request, Stelace shall either destroy or return to the Customer or a third party designated by the Customer in writing the Personal Data processed hereunder. If not instructed otherwise in writing by the Customer, Stelace shall have the right to delete and destroy the Personal Data processed hereunder within three (3) months of the termination of the Agreement. In case the Customer demands that the Personal Data are returned to the Customer or to a third party in a specific format, the Customer will pay Stelace for reasonable costs and expenses arising out such return of the Personal Data.

Contacting Us

If there are any questions regarding this Privacy Policy and Data Processing Agreement, you may contact us using the information below. privacynull@stelace.com or Sharinplace 12 rue Dumas, BAL 68 93800 Epinay-sur-Seine France Last Edited on 2018-05-14

Third-party Data Processors

As mentioned in Stelace General Terms and Conditions of Use, Privacy Policy and Data Processing Agreement, Stelace uses Third Parties to provide you with services and handle appropriate data, including Personal Data. Third-Party Data Processors used by Stelace: • OVH • Amazon Web Services (AWS) • Google Analytics • Mailchimp • Typeform • SparkPost • Stripe • Mangopay • Zapier List of cookies and tracking services used on stelace.com: • AdWords Facebook (for Facebook advertising and FB Connect login): • Facebook Connect • Facebook Pixel Google Analytics (for analytics and retargeting ads): • GA Audiences • Google Analytics

Contacting Us

If there are any questions regarding this Privacy Policy and Data Processing Agreement, you may contact us using the information below. privacynull@stelace.com or Sharinplace 12 rue Dumas, BAL 68 93800 Epinay-sur-Seine France Last Edited on 2018-05-14